Society is becoming ever more data driven. Companies are able to track their operations at increasing levels of granularity. For individuals, as more and more of their activity takes place, or is tracked, in the digital world, their personal information is often recorded, used, shared, and sold. Even discounting nefarious activities such as hacking, phishing, malware, and viruses, a tremendous amount of information regarding individuals can be gathered through sources such as the websites an individual visits, their actions on the websites, and activity on social networks. Information stored by companies, such as banks, medical providers, and employers, can also be sensitive.
Individuals and governments are increasingly sensitive to the collection and use of personal information. Various laws have been passed to try and specify what information about an individual can be collected, how it can be collected, and how it can be used, shared, or sold. While such laws can be beneficial for individuals, it can be difficult for companies, and particularly the individuals working at companies, to be aware of all the various laws and regulations that might apply to their activities. Even if a company or employee is aware of a law or regulation, laws and regulations can be difficult to understand, and their ramifications may not be clear without additional context. Thus, even companies and employees wishing to comply with relevant laws and regulations regarding the use of personal information may find it difficult to determine whether their actions, or proposed actions, will be legally compliant.